Threat Intelligence Blog

Weekly Threat Intelligence: July 26, 2016

Posted July 26, 2016

Energy

“A sophisticated piece of government-made malware, designed to do reconnaissance on an energy grid’s systems ahead of an eventual cyberattack on critical infrastructure, was found on a dark web hacking forum.

Cybersecurity researchers usually catch samples of malicious software like spyware or viruses when a victim who’s using their software, such as an antivirus, gets infected. But at times, they find those samples somewhere else. Such was the case for Furtim, a newly discovered malware, caught recently by researchers from the security firm SentinelOne.”

Insurance/Healthcare

“The FBI has reported an increase in ransomware attacks and media have reported a number of ransomware attacks on hospitals,” OCR director Jocelyn Samuels wrote in a blog post announcing the guidance, which notes that there have been an average of 4,000 daily ransomware attacks since early 2016, a 300 percent increase over the 1,000 daily ransomware attacks reported in 2015.”

– eSecurity Planet

Financial Services

“Hackers, believed to be Russian nationals, stole around $2.2 million from ATMs in Taiwan, possibly using just their smartphones, and fled the country the following day, reports The Register, quoting Taiwanese police. Security camera footage shows the crooks used a connected device, but no bank card, to work several ATM machines of First Bank, say the police.

Craig Young of security tools firm Tripwire says it was likely the First Bank hackers “had installed malware ahead of time, enabling a wireless connection to ‘jackpot’ the ATMs.” Three malware strains reportedly showed up on the breached machines. He believes a weak wireless service could also allow hackers to access ATMs.”

Technology

“France is not happy with Microsoft’s Windows 10, and it has nothing to do with the annoying update reminders. In a report, the CNIL (France’s data protection commission) has called the user data collection in Windows 10 “excessive.”

The CNIL specifically highlighted the ways in which Microsoft collects data on every app downloaded and installed by a user, and how much time the user spends in each app. The report calls attention to a security concern: there is no limit to the number of times someone can incorrectly attempt to guess the 4-digit PIN that users place on their accounts.”

Defense

“The US Congress has just recovered after a three-day DDoS attack that has crippled its online portal congress.gov, along with adjacent sites such as the US Library of Congress (loc.gov) and the US Copyright Office (copyright.gov).

The attack started on Sunday evening, July 17, and initially targeted the Library of Congress website, affecting the same server infrastructure on which the other two websites were also hosted.

Despite initial defensive measures, the attack slowly escalated in the following days and continued to cause trouble for government officials and site visitors until five hours before this article’s publishing date.”